Need help with ipv6 native /56 prefix

Can someone have a look at my ipv6 config?

Let me know if you want me to show more settings!

First time it's working a while and dissapeared and not come back after several tries, reboots and configs, have tried to config and I have connection to ISP and my client in lan see ipv6.

Have dnsmasq full installed togeteher with odhcpd

No ipv6 when go to "https://test-ipv6.com/"

My isp give Native with /56 prefix and ipv6-pd

ipv6 upstream:

IPv6 Upstream
Protocol: DHCPv6 client
Prefix Delegated: 2001:xxx:xxx:eb00::/56
Address: 2001:9b0:41::xxxx:2ec5/128
Gateway: fe80::a67b:xxxx:xxxx:ea01
DNS: 2001:9b0::53:1
DNS: 2001:9b0::53:2

interface lan:

Protocol: Static address
Carrier: Present
Uptime: 11h 51m 34s
MAC: 94:83:C4:A5:FF:7F
RX: 42.95 MB (235217 Pkts.)
TX: 315.73 MB (323734 Pkts.)
IPv4: 192.168.46.1/24
IPv6: 2001:xxx:xxx:eb00::1/64
IPv6: fd65:xxx:a308::1/64

interface wan6:

Protocol: DHCPv6 client
Carrier: Present
Uptime: 11h 14m 30s
MAC: 94:83:C4:A5:FF:7D
RX: 273.50 MB (348539 Pkts.)
TX: 49.44 MB (248990 Pkts.)
IPv6: 2001:xxx:xx::5f0b:2ec5/128
IPv6-PD: 2001:xxx:xxx:eb00::/56

Network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd65:xxx:a308::/48'
	option packet_steering '2'
	option steering_flows '128'
	option dhcp_default_duid '00042dd21d271f624cdbbda4fb3ba54dd3a4'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'lan5'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.46.1'
	option netmask '255.255.255.0'
	option multipath 'off'
###	list ip6class 'local'
	option ip6assign '64'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'
	option ipv6 '1'
	option accept_ra '2'
	option peerdns '0'
	option dns_metric '10'
	option multipath 'off'

config interface 'wan6'
	option device 'eth1'
	option proto 'dhcpv6'
	option reqaddress 'force'
	option reqprefix 'auto'
	option norelease '1'
	option multipath 'off'
###	list ip6class 'local'
###	option ip6assign '64'

config interface 'TRB140'
	option proto 'static'
	option device '@wan'
	option ipaddr '192.168.25.2'
	option netmask '255.255.255.0'

config device
	option type 'bridge'
	option name 'br-guest'
	option bridge_empty '1'

config interface 'guest'
	option proto 'static'
	option device 'br-guest'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option gateway '192.168.1.1'

config interface 'tun21'
	option proto 'none'
	option device 'tun21'

config interface 'USBWAN'
	option proto 'dhcp'
	option device 'usb0'
	option dns_metric '40'
	option multipath 'off'
	option auto '0'

config interface 'GLMT6000'
	option proto 'none'
	option device 'tun10'

config interface 'sthlm_vpn'
	option proto 'none'
	option device 'tun11'

Firewall

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone 'lan'
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list device 'tun21'

config zone 'wan'
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option mtu_fix '1'
	option masq6 '1'
	list masq_src 'fda9:xxxc:f903::0/64'
	option masq '1'
	list network 'USBWAN'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'guest'

config forwarding
	option src 'guest'
	option dest 'wan'

config rule
	option src 'guest'
	option name 'Allow-DNS-Guest'
	option dest_port '53'
	option target 'ACCEPT'

config rule
	option src 'guest'
	option name 'Allow-DHCP-Guest'
	list proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option src 'lan'
	option dest 'wan'
	option name 'Block-8.8.8.8'
	option target 'REJECT'
	option family 'ipv4'
	list dest_ip '8.8.8.8'

config rule
	option src 'lan'
	option dest 'wan'
	option name 'Block-8.8.4.4'
	option target 'REJECT'
	option family 'ipv4'
	list dest_ip '8.8.4.4'

config rule 'ovpn'
	option name 'Allow-OpenVPN'
	option src 'wan'
	option proto 'udp'
	option dest_port 'xxxx'
	option target 'ACCEPT'

config rule
	option name 'Allow-VPN-to-LAN'
	option src 'vpnclient'
	option dest 'lan'
	option proto 'all'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option src 'wan'
	option name 'Allow-Wireguard'
	list proto 'udp'
	option dest_port 'xxxxx'
	option target 'ACCEPT'

config rule
	option src 'lan'
	option dest '*'
	option name 'Allow-WSD-TCP'
	list proto 'tcp'
	option dest_port '5357'
	option target 'ACCEPT'

config zone
	option name 'wgserver'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'wgserver'

config forwarding
	option src 'wgserver'
	option dest 'lan'

config forwarding
	option src 'wgserver'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'wgserver'

config zone
	option name 'vpnclient'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
	list network 'GLMT6000'

config forwarding
	option src 'vpnclient'
	option dest 'lan'

config forwarding
	option src 'lan'
	option dest 'vpnclient'

config zone
	option name 'wgc_vpn10'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option masq6 '1'
	list network 'wgc_vpn10'

config forwarding
	option src 'lan'
	option dest 'wgc_vpn10'

config forwarding
	option src 'wgc_vpn10'
	option dest 'lan'

config zone
	option name 'sthlm_vpn'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'sthlm_vpn'

config forwarding
	option src 'sthlm_vpn'
	option dest 'lan'

config forwarding
	option src 'lan'
	option dest 'sthlm_vpn'

config rule
	option src 'wan'
	option dest 'lan'
	option name 'Allow-WAN6-LAN'
	option target 'ACCEPT'
	option family 'ipv6'
	option enabled '1'

In LAN config:

list ip6class 'wan6'

When you have a public prefix, do not use NAT6. ULAs are typically not used in a home network and you can remove them to reduce confusion. Most OS endpoints will not try to use the v6 Internet if they don't have a GUA.

Everything looks mostly OK here. You've redacted so much that I can't see if the wan's /128 address is in the same /56 prefix. If the ISP is operating properly, it should not be. ISPs should either give each customer a separate /64 for their router itself or place all customers /128s within one /64.

Can you ping6 from the router to a v6 site? Does the LAN PC endpoint have an IPv6 address?

Hope you mean this:

Prefix Delegated: 2001:9b1:df8:eb00::/56
Address: 2001:9b0:41::5f0b:2ec5/128
Gateway: fe80::a67b:2cff:fe9e:ea01


IPv6: 2001:9b1:df8:eb00::1/64

ping -6 openwrt.org
PING openwrt.org (2a03:b0c0:3:d0::1a51:c001): 56 data bytes
64 bytes from 2a03:b0c0:3:d0::1a51:c001: seq=0 ttl=54 time=38.140 ms
64 bytes from 2a03:b0c0:3:d0::1a51:c001: seq=1 ttl=54 time=37.580 ms
64 bytes from 2a03:b0c0:3:d0::1a51:c001: seq=2 ttl=54 time=37.536 ms

Yes, what I can se.

If I go to whatsmyip.com I only have ipv4 address.

I have very limited knowledge on ipv6

If you look at the PC's network status, you should see an IPv6 address in the same prefix as the router LAN, which is in the /56 (2001:9b0:XXXX:XX00::/64).

The router has ::1 in that /64, so you should be able to ping the router from the PC.

Sorry for the long response, family got in the way.

What I can see it’s the same.

I can ping router (192.168.50.1)

PING 192.168.50.1 (192.168.50.1): 56 data bytes
64 bytes from 192.168.50.1: seq=0 ttl=64 time=0.147 ms

But I can’t still get any connection to ipv6 from computer, only ipv4 works.

Whoo.. success

I found the problem. Seems my openvpn have 2000::/3 dev tun11 metric 1024 pref medium When removed that I get ipv6.

In openvpn (tun11) added:

list pull_filter 'ignore "route-ipv6"'

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.